
A Side-Channel Attack that Works Without Scripting Support

A team of researchers has demonstrated that attackers can launch browser-based side-channel attacks that use only HTML and CSS. They even tested this technique successfully on a wide range of platforms, including Apple’s recently introduced M1 chip.

What was discovered?

Researchers from the Ben-Gurion University of the Negev, the University of Adelaide, and the University of Michigan have published a paper on what they describe as the first browser side-channel attack that works without using JavaScript.
  • They developed a series of attacks in which they progressively reduced the dependency on JavaScript features, eventually arriving at a technique that uses only HTML and CSS.
  • The analysis focused on Prime+Probe, a cache side-channel attack technique that identifies which cache sets the target accesses and uses that information to infer potentially valuable data.
  • The attack method has been successfully tested against hardened browser environments such as Tor, Chrome Zero, and DeterFox on devices with AMD, Intel, Samsung, and Apple chips.
  • As cache attacks cannot be stopped by reducing timer resolution, any secret-bearing process sharing cache resources with a browser and connecting to suspicious websites is at risk.

Some side-channel attacks lately

  • Last week, experts uncovered a new side-channel attack targeting Intel processors, including the latest models such as Skylake and Coffee Lake, to gather sensitive data.
  • A researcher found working exploits for a three-year-old side-channel vulnerability, Spectre (CVE-2017-5753).

Conclusion

The traditional defense against side-channel attacks has been to disable or restrict JavaScript features. This technique shows that such measures are no longer enough: these cache attacks cannot be stopped by simply reducing timer resolution, by eliminating timers, arrays, or threads, or even by fully disabling scripting support. Security professionals and users therefore need to keep up with new cybersecurity developments and innovations.
Publisher: Cyware